weird machines in program metadata
play

WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER - PowerPoint PPT Presentation

Dec 12, 2022 •416 likes •566 views

ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA . bx SHAPIRO DARTMOUTH COLLEGE TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY

  1. ANNUAL INDUSTRY WORKSHOP NOVEMBER 6-7, 2013 WEIRD MACHINES IN PROGRAM METADATA: ATTACKS AND DEFENSES NOVEMBER 2013 REBECCA “. bx ” SHAPIRO DARTMOUTH COLLEGE TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 UNIVERSITY OF ILLINOIS | DARTMOUTH COLLEGE | UC DAVIS | WASHINGTON STATE UNIVERSITY FUNDING SUPPORT PROVIDED BY DOE-OE AND DHS S&T

  2. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OUTLINE/CONTRIBUTIONS • Highlight metadata as a mostly undefended attack vector • Demonstrate metadata-driven computation environment – “Weird machine” – Runtime loader → machine – Program metadata → instructions • Discuss defenses 2

  3. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TRADITIONAL VIEW OF EXECUTABLES 3

  4. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OUR VIEW OF EXECUTABLES 4

  5. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G ELF AND METADATA IN THE POWER GRID • ELF – one way to package code and data – E xecutable and L inking F ormat – Binary metadata/file format of Linux/Unix • (Windows uses PE; OSX uses Mach-O) • ELF in the power grid – Embedded Linux Program code • Kernel binary • Kernel modules • Executable binaries • Shared libraries 5

  6. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G HOW TO LOAD/EXECUTE AN ELF 6 6

  7. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G HOW TO LOAD/EXECUTE AN ELF Weird machines lurk here 7 7

  8. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G ELF DYNAMIC RELOCATION METADATA • Intended behavior – Processed by RTLD (the runtime loader) – Instructs RTLD to write given value at given address • Unintended behavior – Can locate base address of randomized libraries – Can perform dynamic linking – Can perform arbitrary computation (WOOT 2013) 8

  9. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TAMING THE RTLD WEIRD MACHINE • Case study: ping in inetutils v1.8 • Goal: insert backdoor that drops root shell – Without changing code • Facts about ping: – Widely used networking tool – Runs setuid as root – Drops privilege during execution • See 29C3 Talk – “ The Care and Feeding of Weird Machines Found in Executable Metadata” • Available in both ELF and Mach-O flavors 9

  10. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TODAY’S DEFENSES ARE NOT SUFFICIENT • Input validation • Data execution protection (DEP) • Address space layout randomization (ASLR) • Code signing/integrity checking • Access control (RWX) • (where is the vulnerability?) Photoshopped by Kythera of Anevern 10

  11. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OUR DEFENSE APPROACH #1: ELFBAC • A more generic weird machine defense • Build/enforce intra-process access control • Limit the chunks of addresses that chunks of running code can access – e.g.: libraries should not touch application’s sensitive data • Enforce module-level control flow integrity – e.g: data should be encrypted before sent over network • ELFbac: Using the Loader Format for Intent-level Semantics and Fine- grained Protection. Dartmouth Computer Science Technical Report TR2013-727 11

  12. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G OUR DEFENSE APPROACH #2: LANGSEC • Defending against parser-based weird machines • Input  data  “instructions” • Input should be designed as a formal language • Input structure should be well-defined • Should not require a Turing machine to validate/interpret input • Regular expressions can be reasoned about • Weird machines lurk in Turing-complete recognizers • Langsec.org (Bratus et al) 12

  13. ANNUAL INDUSTRY WORKSHOP – NOVEMBER 6-7, 2013 TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G DO YOU KNOW WHAT WEIRD MACHINES LURK IN YOUR DATA? 13 13

Recommend

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki

Weird Machines on Little Robots Intro to binary exploitation on Android smartphones @f0rki 2013-06-06 Agenda Motivation ARM Primer Exploitation 101 Science, Bitches! Vulnerability classes Exploitation Defenses & Mitigation Techniques

899 views • 51 slides
Weird machines: a model for code-reuse attacks Sergey Bratus Rebecca Shapiro Anna Shubina

Weird machines: a model for code-reuse attacks Sergey Bratus Rebecca Shapiro Anna Shubina

Weird machines: a model for code-reuse attacks Sergey Bratus Rebecca Shapiro Anna Shubina Dartmouth T rust Lab Outline Code re-use: unexpected computation, programming models Containing computation: Coarse intent-based ABI-level

487 views • 27 slides
The Practice of Metadata The hows and whys of metadata at USGS U.S. Department of the

The Practice of Metadata The hows and whys of metadata at USGS U.S. Department of the

The Practice of Metadata The hows and whys of metadata at USGS U.S. Department of the Interior U.S. Geological Survey Presenter Viv Hutchison USGS Core Science Systems / Core Science Analytics and Synthesis (CSAS) Program Denver,

639 views • 44 slides
m e t a d a t a how much of a difference does metadata really make to your bottom line?

m e t a d a t a how much of a difference does metadata really make to your bottom line?

it might be the giant in the room, but it doesnt ha ve t o be scary l e t s t a l k a b o u t What is metadata? What differentiates great metadata from merely good? Do you really need to worry about it? As a publisher, m

253 views • 6 slides
From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA

From SDTM to displays, through ADaM & Analyses Results Metadata, a flight on board METADATA Airlines Omar SEFIANI - Stphane BOUGET, Boehringer Ingelheim DH13, PhUSE Barcelona 2016, October, 12 th Outline Background Metadata Driven

683 views • 19 slides
Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for

Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for

Esri International User Conference | San Diego, CA Technical Workshops | 2011-07-12 Metadata In ArcGIS 10.0 Jason Cupp Whats New In ArcGIS 10.0 New Metadata Editor for Multiple Standards New Tools and Workflows Metadata Editor

332 views • 22 slides
UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized

UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized

UNSD metadata template / SDMX Metadata Structure Definition Elena De Jess, UNSD Standardized metadata improves usability and comparability Metadata (and data) that follow specific standardized patterns: are easier for users to interpret

991 views • 19 slides
Float metadata on DAC GDAC CATHERINE SCHMECHTIG Tentative Conclusions (from M. Donnelly)

Float metadata on DAC GDAC CATHERINE SCHMECHTIG Tentative Conclusions (from M. Donnelly)

An extension of the Argo program to include biogeochemical observations Float metadata on DAC GDAC CATHERINE SCHMECHTIG Tentative Conclusions (from M. Donnelly) Inconsistency in encoding BGC metadata in the Argo data system Effects a

485 views • 16 slides
Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines:

Virtual Machines Uses for Virtual Machines There are several uses for virtual machines: Virtual machine technology, often just called virtualization , makes one computer behave as several Running several operating systems simultaneously on

254 views • 10 slides
His istoric Preserv rvation Appreciating th the Weird Steven Hoffman, PhD. Coordinator,

His istoric Preserv rvation Appreciating th the Weird Steven Hoffman, PhD. Coordinator,

7/30/2019 His istoric Preserv rvation Appreciating th the Weird Steven Hoffman, PhD. Coordinator, Historic Preservation Program Southeast Missouri State University President, Missouri Main Street Connection 1 Historic ic Pres

467 views • 32 slides
Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar,

Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar,

Restructuring the NSA Metadata Program Seny Kamara Microsoft Research Thanks to: Timothy Edgar, Matt Green, Noah Kunin, Payman Mohassel, Kurt Rohloff, Chris Soghoian and Marcy Wheeler June 5 th , 2013 1 st Snowden document published Verizon

554 views • 43 slides
DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following

DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following

DUNE Data Model Meeting: Metadata Metadata Needs And Considerations Steven Timm The following are design concerns for whatever new metadata system is written or adopted. They are written from the point of view of data management operations and

166 views • 4 slides
Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and

Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and

Expanding Metadata Reuse with an Islandora Metadata Extraction Utility Serhiy Polyakov and William E. Moen University of North Texas International conference Open Repositories 2013 Charlottetown, Prince Edward Island, Canada Paper presented at

474 views • 25 slides
Why the British constitution is weird (and interesting)

Why the British constitution is weird (and interesting)

Why the British constitution is weird (and interesting) Dr Mark Ellio+ Reader in Public Law, University of Cambridge Fellow & Director of

426 views • 14 slides
Concurrent clinical condition - on presentation Important note: This is an archived metadata

Concurrent clinical condition - on presentation Important note: This is an archived metadata

Concurrent clinical condition - on presentation Important note: This is an archived metadata standard from the AIHW Knowledgebase. For current metadata standards and related information please access METeOR, the AIHW's Metadata Online Registry

180 views • 3 slides
The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700 institutions worldwide expose metadata via the Open Archives Initiative Protocol for Metadata Harvesting (OAI-PMH) using open standards like URI, HTTP ,

224 views • 19 slides
Analysis of library metadata with Metafacture 1 | 42 | Analysis of library metadata with

Analysis of library metadata with Metafacture 1 | 42 | Analysis of library metadata with

Christoph Bhme Analysis of library metadata with Metafacture 1 | 42 | Analysis of library metadata with Metafacture | SWIB 2013 | 25 November 2013 Agenda 13:00 a short introduction to Metafacture 13:30 warm-up exercises 14:30

764 views • 42 slides
Interpreters and virtual machines Michel Schinz 20070323 Interpreters Interpreters An

Interpreters and virtual machines Michel Schinz 20070323 Interpreters Interpreters An

Interpreters and virtual machines Michel Schinz 20070323 Interpreters Interpreters An interpreter is a program that executes another program, represented as some kind of data-structure. Common program representations include: raw

672 views • 53 slides
Some Weird Things Poll #1: Who in here has taken a MOOC? Going On Poll #2: Are you happy or

Some Weird Things Poll #1: Who in here has taken a MOOC? Going On Poll #2: Are you happy or

2/9/2019 Talk Outline Fostering Self-Directed Learning in MOOCs: 1. MOOC Weird Stuff One Modest Little Study to 2. MOOC Systematic Literature Review Help Save the Planet 3. MOOC ID Considerations and Challenges 4. MOOC ID for Self-directed

386 views • 16 slides
Perspectives on Metadata COCOSDA/ICCWLRE RoadMap Meeting LREC 2004 Baden Hughes University of

Perspectives on Metadata COCOSDA/ICCWLRE RoadMap Meeting LREC 2004 Baden Hughes University of

Perspectives on Metadata COCOSDA/ICCWLRE RoadMap Meeting LREC 2004 Baden Hughes University of Melbourne badenh@cs.mu.oz.au [with contributions from Steven Bird and Gary Simons] Draft Metadata Milestones Promote OLAC Metadata more widely

100 views • 5 slides
Using Property Graphs for Rich Metadata Management in HPC Systems Dong Dai , Robert B. Ross,

Using Property Graphs for Rich Metadata Management in HPC Systems Dong Dai , Robert B. Ross,

Using Property Graphs for Rich Metadata Management in HPC Systems Dong Dai , Robert B. Ross, Philip Carns, Dries Kimpe, and Yong Chen 1 Rich Metadata in HPC The data used to describe other data Simple Metadata - A. Leung, et. al.

780 views • 32 slides
Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About

Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About

Security Contacts in SAML Metadata Jim Basney jbasney@ncsa.illinois.edu Topics About InCommon Federated security incident response Security contacts in metadata Metadata integrity Examples and statistics Open questions

463 views • 12 slides
Desktop on the Linux (and *BSD of course) . . . youre doing it confused? weird? strange? wrong?

Desktop on the Linux (and *BSD of course) . . . youre doing it confused? weird? strange? wrong?

Desktop on the Linux (and *BSD of course) . . . youre doing it confused? weird? strange? wrong? Who? Wolfgang datenwolf Draxinger When? 27c3, 2010-12-27 DISCLAIMER This talk is: highly opinionated biased born out of frustration .

1.85k views • 169 slides
Batch Metadata Editing in DSpace 1.6+ Maureen P. Walsh, The Ohio State University Libraries

Batch Metadata Editing in DSpace 1.6+ Maureen P. Walsh, The Ohio State University Libraries

Batch Metadata Editing Batch Metadata Editing in DSpace 1.6+ Maureen P. Walsh, The Ohio State University Libraries DSpace User Group Meeting at SPARC DRM November 10, 2010 J Batch Metadata Editing Batch Metadata Editing

681 views • 47 slides

More recommend